diff --git a/Dockerfile b/base/Dockerfile similarity index 98% rename from Dockerfile rename to base/Dockerfile index 0bff717..380194a 100644 --- a/Dockerfile +++ b/base/Dockerfile @@ -125,6 +125,8 @@ ENV POSTGRES_PORT=5432 ENV DEFAULT_DB=lsmb COPY start.sh /usr/local/bin/start.sh +COPY config.sh /usr/local/bin/config.sh +COPY run.sh /usr/local/bin/run.sh RUN chmod +x /usr/local/bin/start.sh && \ mkdir -p /var/www && \ diff --git a/start.sh b/base/config.sh similarity index 85% rename from start.sh rename to base/config.sh index ef0d871..b5679b6 100755 --- a/start.sh +++ b/base/config.sh @@ -1,5 +1,7 @@ #!/bin/bash +set -e + cd /srv/ledgersmb [[ -d ./local/conf/ ]] || mkdir ./local/conf/ if [[ -n "$SSMTP_ROOT" ]]; then @@ -157,19 +159,4 @@ EOF fi fi -# start ledgersmb -# --preload-app allows application initialization to kill the entire -# starman instance (instead of just the worker, which will immediately -# get restarted) on error; it also has a positive effect on memory use - -LSMB_CONFIG_FILE=${LSMB_CONFIG_FILE:-./local/conf/ledgersmb.yaml} -export LSMB_CONFIG_FILE -echo '--------- LEDGERSMB CONFIGURATION: ledgersmb.conf' -cat ${LSMB_CONFIG_FILE} -echo '--------- LEDGERSMB CONFIGURATION --- END' - -# ':5762:' suppresses an uninitialized variable warning in starman -# the last colon means "don't connect using tls"; without it, there's a warning -exec starman --listen 0.0.0.0:5762 --workers ${LSMB_WORKERS:-5} \ - -I lib -I old/lib \ - --preload-app bin/ledgersmb-server.psgi +exit 0 diff --git a/docker-compose-reverseproxy.yml b/base/docker-compose-reverseproxy.yml similarity index 100% rename from docker-compose-reverseproxy.yml rename to base/docker-compose-reverseproxy.yml diff --git a/docker-compose.yml b/base/docker-compose.yml similarity index 100% rename from docker-compose.yml rename to base/docker-compose.yml diff --git a/nginx.conf b/base/nginx.conf similarity index 100% rename from nginx.conf rename to base/nginx.conf 
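Review bot: The two added `COPY` lines for `config.sh` and `run.sh` rely on the executable bit surviving from the checkout, because the `RUN chmod +x` on the context line below still names only `start.sh`. Both scripts are executed directly (the new `start.sh` runs `"$home_dir/config.sh"` and then `exec`s `run.sh`), so a build context that lost its mode bits would fail at container start rather than at build time. Setting the mode at copy time, `COPY --chmod=755 start.sh config.sh run.sh /usr/local/bin/`, makes this explicit; `--chmod` requires BuildKit. The `RUN` instruction continues outside the hunk.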
diff --git a/base/run.sh b/base/run.sh
new file mode 100755
index 0000000..9a35a79
--- /dev/null
+++ b/base/run.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+cd /srv/ledgersmb
+LSMB_CONFIG_FILE=${LSMB_CONFIG_FILE:-./local/conf/ledgersmb.yaml}
+export LSMB_CONFIG_FILE
+echo '--------- LEDGERSMB CONFIGURATION: ledgersmb.conf'
+cat ${LSMB_CONFIG_FILE}
+echo '--------- LEDGERSMB CONFIGURATION --- END'
+
+# ':5762:' suppresses an uninitialized variable warning in starman
+# the last colon means "don't connect using tls"; without it, there's a warning
+exec starman --listen 0.0.0.0:5762 --workers ${LSMB_WORKERS:-5} \
+ -I lib -I old/lib \
+ --preload-app bin/ledgersmb-server.psgi
diff --git a/base/start.sh b/base/start.sh
new file mode 100755
index 0000000..32f507b
--- /dev/null
+++ b/base/start.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+home_dir="$(dirname `readlink -f $BASH_SOURCE`)"
+"$home_dir/config.sh" || (echo "Failed configuration" ; exit)
+exec "$home_dir/run.sh"
diff --git a/with-proxy/Dockerfile b/with-proxy/Dockerfile
new file mode 100644
index 0000000..6105efe
--- /dev/null
+++ b/with-proxy/Dockerfile
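Review bot: `--listen 0.0.0.0:5762` in the `exec starman` line of `base/run.sh` binds the application server on every interface, and this same script is what the with-proxy image starts behind nginx, which proxies to `127.0.0.1:5762`. In that image a peer on the container network can reach starman on 5762 directly and skip the nginx location rules, so the bind address should be overridable, for example `--listen "${LSMB_LISTEN_ADDR:-0.0.0.0}:5762"` (the variable name is a suggestion) with the proxy image setting it to `127.0.0.1`. Separately, `cat ${LSMB_CONFIG_FILE}` is unquoted and writes the whole configuration to the container log; if that file can hold credentials, log only its path. The comment above the `exec` describes a `:5762:` form that the command does not use.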
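Review bot: The failure branch `(echo "Failed configuration" ; exit)` in `base/start.sh` does not stop the script: the parentheses run in a subshell, so `exit` leaves only that subshell, and with no argument it returns the status of `echo`, which is 0. As a result `exec "$home_dir/run.sh"` still runs after `config.sh` fails, and the server starts on a partial configuration. Use a brace group and a non-zero status, `"$home_dir/config.sh" || { echo "Failed configuration" >&2; exit 1; }`. The `home_dir` line would also be more robust as `home_dir="$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")"`, so that paths containing spaces resolve correctly.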
@@ -0,0 +1,49 @@
+FROM lsmb-split:latest
+#FROM ledgersmb/ledgersmb:1.11.18
+USER root
+
+# Remove inherited start.sh
+RUN rm -rf /usr/local/bin/start.sh
+
+# Install nginx and other dependencies
+RUN set -x && \
+ apt-get update -y && \
+ apt-get dist-upgrade -y && \
+ apt-get install -y --no-install-recommends \
+ nginx wget xz-utils
+ mkdir -p /var/lib/nginx/body /var/cache/nginx
+
+COPY nginx.conf /etc/nginx/nginx.conf
+
+# Install s6-overlay
+ARG S6_OVERLAY_VERSION=3.2.0.2
+
+RUN set -ex && \
+ ARCH="x86_64" && \
+ wget -O /tmp/s6-overlay-noarch.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz && \
+ wget -O /tmp/s6-overlay-noarch.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-noarch.tar.xz.sha256 && \
+ wget -O /tmp/s6-overlay-${ARCH}.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${ARCH}.tar.xz && \
+ wget -O /tmp/s6-overlay-${ARCH}.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-${ARCH}.tar.xz.sha256 && \
+ wget -O /tmp/s6-overlay-symlinks-noarch.tar.xz https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz && \
+ wget -O /tmp/s6-overlay-symlinks-noarch.tar.xz.sha256 https://github.com/just-containers/s6-overlay/releases/download/v${S6_OVERLAY_VERSION}/s6-overlay-symlinks-noarch.tar.xz.sha256 && \
+ cd /tmp && \
+ sha256sum -c *.sha256 && \
+ tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz && \
+ tar -C / -Jxpf /tmp/s6-overlay-${ARCH}.tar.xz && \
+ tar -C / -Jxpf /tmp/s6-overlay-symlinks-noarch.tar.xz
+
+# Configure nginx and starman with s6
+COPY services/starman/run /etc/services.d/starman/run
+RUN chmod +x /etc/services.d/starman/run
+
+COPY services/nginx/run /etc/services.d/nginx/run
+RUN chmod +x /etc/services.d/nginx/run
+
+COPY scripts/ledgersmb_config /etc/s6-overlay/s6-rc.d/ledgersmb_config
+RUN touch /etc/s6-overlay/s6-rc.d/user/contents.d/ledgersmb_config
+RUN chmod +x /etc/s6-overlay/s6-rc.d/ledgersmb_config/up
+
+EXPOSE 80
+
+#USER www-data
+ENTRYPOINT ["/init"]
diff --git a/with-proxy/nginx.conf b/with-proxy/nginx.conf
new file mode 100644
index 0000000..ee08c18
--- /dev/null
+++ b/with-proxy/nginx.conf
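Review bot: In `with-proxy/Dockerfile` the `apt-get install` step ends at `nginx wget xz-utils` with no `&& \`, so the following `mkdir -p /var/lib/nginx/body /var/cache/nginx` line is read as a Dockerfile instruction rather than as part of the `RUN`, and the build should fail there; the line needs to be `nginx wget xz-utils && \`. The s6-overlay step verifies each tarball against a `.sha256` file downloaded from the same release URL, which catches a corrupted download but not a replaced release asset; pinning the expected digests in the Dockerfile next to `S6_OVERLAY_VERSION` would close that gap. `FROM lsmb-split:latest` is a mutable local tag, so the image cannot be reproduced from this file alone, and the downloaded archives and apt lists stay in their layers unless removed in the same `RUN` (`rm -rf /tmp/s6-overlay-*` and `rm -rf /var/lib/apt/lists/*`). With `#USER www-data` commented out, `/init` runs as root and the privilege drop depends entirely on the service scripts.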
@@ -0,0 +1,83 @@
+# This is a full (minimal) nginx configuration file
+
+error_log /dev/stderr info;
+pid /tmp/nginx.pid;
+worker_processes 1;
+user www-data;
+
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ client_body_temp_path /tmp/client_body;
+ proxy_temp_path /tmp/proxy_temp;
+ fastcgi_temp_path /tmp/fastcgi_temp;
+ scgi_temp_path /tmp/scgi_temp;
+ uwsgi_temp_path /tmp/uwsgi_temp;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ access_log /dev/stdout;
+ error_log /dev/stderr info;
+
+ gzip off;
+ gzip_static on;
+
+ server {
+ listen 80 default_server;
+ listen [::]:80 default_server ipv6only=on;
+
+ root /srv/ledgersmb/UI;
+
+ access_log /dev/stdout;
+ error_log /dev/stderr info;
+
+ # Don't log status polls
+ location /nginx_status {
+ stub_status on;
+ access_log off;
+ allow 127.0.0.1;
+ allow ::1;
+ deny all;
+ }
+
+ # Configuration files don't exist
+ location ^~ \.conf$ {
+ return 404;
+ }
+
+ # 'Hidden' files don't exist
+ location ~ /\. {
+ return 404;
+ }
+
+ location = / {
+ return 301 /login.pl;
+ }
+
+ # JS & CSS
+ location ~* \.(js|css)$ {
+ add_header Pragma "public";
+ add_header Cache-Control "public, must-revalidate, proxy-revalidate"; # Production
+ expires 7d; # Indicate that the resource can be cached for 1 week # Production
+ try_files $uri =404;
+ }
+
+ location / {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_read_timeout 300;
+ proxy_pass http://127.0.0.1:5762;
+ }
+ }
+}
diff --git a/with-proxy/scripts/ledgersmb_config/type b/with-proxy/scripts/ledgersmb_config/type
new file mode 100644
index 0000000..bdd22a1
--- /dev/null
+++ b/with-proxy/scripts/ledgersmb_config/type
@@ -0,0 +1 @@
+oneshot
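Review bot: `location ^~ \.conf$` in `with-proxy/nginx.conf` does not block configuration files: `^~` marks a literal prefix match, not a regular expression, so the block only matches URIs that begin with the characters `\.conf$`. Requests ending in `.conf` therefore fall through to `location /` and are proxied to starman, which is the opposite of what the comment above the block promises. If the intent is a regex match like the neighbouring hidden-file rule, write `location ~ \.conf$ {`.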
diff --git a/with-proxy/scripts/ledgersmb_config/up b/with-proxy/scripts/ledgersmb_config/up
new file mode 100644
index 0000000..b6603bc
--- /dev/null
+++ b/with-proxy/scripts/ledgersmb_config/up
@@ -0,0 +1,3 @@
+foreground { echo "Running config..." }
+
+/usr/local/bin/config.sh
diff --git a/with-proxy/services/nginx/run b/with-proxy/services/nginx/run
new file mode 100644
index 0000000..edbd1c8
--- /dev/null
+++ b/with-proxy/services/nginx/run
@@ -0,0 +1,3 @@
+#!/usr/bin/with-contenv /bin/bash
+
+exec nginx -g "daemon off;"
diff --git a/with-proxy/services/starman/run b/with-proxy/services/starman/run
new file mode 100644
index 0000000..44218a0
--- /dev/null
+++ b/with-proxy/services/starman/run
@@ -0,0 +1,3 @@
+#!/usr/bin/with-contenv /bin/bash
+
+s6-setuidgid www-data /usr/local/bin/run.sh
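Review bot: The `ledgersmb_config/up` oneshot runs `/usr/local/bin/config.sh` without `with-contenv`, while both service `run` scripts in this commit use a `with-contenv` shebang. s6-overlay resets the environment for supervised scripts by default (unless `S6_KEEP_ENV` is set), and `config.sh` tests variables such as `$SSMTP_ROOT`, so the configuration step may not see the container's environment; this should be confirmed against the s6-overlay version pinned in the Dockerfile. If it applies, the last line becomes `with-contenv /usr/local/bin/config.sh`.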
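Review bot: The `s6-setuidgid www-data /usr/local/bin/run.sh` line in `services/starman/run` is missing `exec`, so bash stays alive as the supervised process and starman runs as its child. Signals sent by s6 on stop or restart then go to the shell rather than to starman. Write `exec s6-setuidgid www-data /usr/local/bin/run.sh`, matching the `exec nginx` in the nginx service script.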